Information in accordance to and as effect of GDPR EU 2016/679 concerning the treatment of personal data.

The undersigned society SGF srl (hereinafter “Data Controller”) as owner of the treatment, informs you, pursuant to Article 13 of the EU Regulation 2016/679 (hereinafter “GDPR”) that your data will be treated with/for the following terms/purposes:

Objective of the treatment.

The data collection and the treatment are made:

  1. To define the contracts for the services/products given
  2. To fulfill the pre-contract, contract and finacial obligations originated by our relationship
  3. To exercise the Data Controller rights, for ex. the right of defence in court
  4. To manage business communications about our services/products and customers’ satisfaction
  5. To manage the possible presences at our seat in order to carry out the safety rules in workplaces and other connected laws (paper/digital registers, badges to handle the accesses at our operative seats)
  6. To supervise the entries through the video surveillance system in order to guarantee the safety of people inside the workplace, the defence of the company heritage and for organisational/pruductive necessities

and will be object of treatment inspired to accuracy, legality, transparency and protection of your privacy and rights. Your personal data will be treated for the entire duration of the business collaboration and after to complete all the laws procedures as well.

Data processing methods

Data collected for the objectives above are processed by automated ways, on electronic or magnetic tools, or non-automated ways, on paper supports, in observance of privacy and safety rules provided by laws, consequent regulations and internal instructions.

Data processing place

At the moment data are treated and filed among the operative seat. They are also processed, on behalf of the undersigned, by experts and/or companies charged to carry out technical, development, management and administrative activities.

Optional and required data submission and reject effects

It is mandatory to provide all the data required from the contract and any refusal to provide such consent will make it impossible for the undersigned company to respond and perform any duty of the collaboration.

Data communication

During the process, your data may be handled by the following categories:

  • Data controller’s employees and colleagues, as officers, data processors or system administrators;
  • Third-party companies or any other subjects supplying outsourcing activities for the management;
  • Pursuant art. 6 letters B, C of GDPR, consent is not required to communicate your data to the Security, Judicial Authorities and any other subject concerned by law. These above-mentioned subjects will process the data as independent data controller.
  • Experts and companies to support business communications connected to services/products we supply, similar and relevant for the customer satisfaction;
  • Experts and support companies to handle the presences at our seat in order to carry out the safety rules in workplaces and other connected laws;
  • Experts and support companies to manage the video surveillance

Data transfer abroad

To fulfill the pre-contract, contract and finacial obligations originated by our relationship, some data might be notified to subjects (customers or suppliers to comply the contract’s duties) in other EU or extra-eu Countries. If needed, the undersigned company will have the possibility to move the data on server in other EU or extra-au countries.

Period of data storage

Any personal data collected shall be stored in our files as follows:

  • To define the contracts of our services/products, to fulfill the pre-contract, contract and finacial obligations originated by our relationship and exercise the Data Controller’s rights, for ex. the right of defence in court, for administration, accountance, contract and labour-laws activities, controversy management: pursuant art. 2220 C.C. , 10 years except extension in case of possible payment delays
  • To manage business communications about our products/services and customers’ satisfaction: 10 years after the end of the contract
  • To handle the presences at our seat: 48 hours
  • To manage the video surveillance system on the accesses in order to assure the security of people inside the operative seat, the defence of the company heritage and for organisational/pruductive necessity: 24 hours.

 Data subject’s rights

Your may exercise your rights as follows:

  • Access right (art. 15): all those concerned can request the Data Controller if there’s an outstanding data process about them and, in case, obtain the access.
  • Rectify right (srt. 16): all those concerned can request the Data Controller to rectify the wrong personal data without any unexcused delay. Taking in consideration the goal of the treatment, all those concerned can obtain to add the incomplete data, also providing a supplementary declaration.
  • Erase right (art. 17): all those concerned can request the Data Controller to erase their personal data without any unexcused delay; the Data Controller must cancel these data without any unexcused delay if:

– Personal data are no more necessary in relation to the objectives they were collected or processed;
– All those concerned revoke the consent pursuant the article 6, paragraph 1, letter A or article 9, paragraph 2, letter A and if there is no legal reason for the process;
– All those concerned oppose the treatment pursuant art. 21, paragraph 1 or 2 and there’s no legal reason to proceed
– Personal data are processed in illegal ways  Personal data should be cancelled to comply a legal obligation dictated from the Union or the Member State laws.

  • Lodge a complaint with the Garante to the address garante@gpdp.it or by pec to protocollo@pec.gpdp.it Way to exercise the rights

 

You may exercise your rights sending:

  • A registered letter AR to SGF SRL – Via della Fornace, 16 – 10040 Volvera (TO)
  • A pec to sgfinsonorizzazioni@postecert.it

Data Controller, Data Processor and officers

The Data Controller is SGF SRL –VAT n. 05195310015, legal and operative seat in 10040 Volvera (TO) Via della Fornace n. 16.

Up-to-date list of data processors are stored to the operative seat of the Data Controller.